Willing to try SQL?
You can run the following SQL query and it will tell you which clients try to download from GUP & which from SEPM.
SELECT [COMPUTER_ID]
,[HARDWARE_KEY]
,[HOST_NAME]
,[TIME_STAMP]
,[EVENT_ID]
,[EVENT_TIME]
,[SEVERITY]
,[AGENT_ID]
,[CATEGORY]
,[EVENT_SOURCE]
,[EVENT_DESC]
,[LOG_IDX]
FROM [Antivirus_SEM5].[dbo].[AGENT_SYSTEM_LOG_1]
WHERE [EVENT_SOURCE] = 'SYLINK'
UNION ALL
SELECT [COMPUTER_ID]
,[HARDWARE_KEY]
,[HOST_NAME]
,[TIME_STAMP]
,[EVENT_ID]
,[EVENT_TIME]
,[SEVERITY]
,[AGENT_ID]
,[CATEGORY]
,[EVENT_SOURCE]
,[EVENT_DESC]
,[LOG_IDX]
FROM [Antivirus_SEM5].[dbo].[AGENT_SYSTEM_LOG_2]
WHERE [EVENT_SOURCE] = 'SYLINK'
ORDER BY [HOST_NAME], [HARDWARE_KEY]
Original post here.